<?php
/* This file contains configuration for the service provider. */

/* Absolute path to the metadata file for this service provider. */
$lp_sp_metadata_file = '/etc/apache2/meta/example.org-spMeta.xml';

/* Absolute path to the metadata file for the IdP. */
$lp_idp_metadata_file = '/etc/apache2/meta/max.feide.no-idpMeta.xml';

/* Absolute path to the public key of the IdP. This option must be included,
 * even if the metadata for the IdP includes the public key.
 */
$lp_idp_public_key_file = '/etc/apache2/meta/max.feide.no.crt';

/* Entity id of the IdP. This should match the entity id in the metadata
 * of the IdP.
 */
$lp_idp_entityid = 'max.feide.no';


/* Path to search for SSL certificates (for HTTP-Artifact binding). You may
 * set this field to NULL if you don't need any special certificates.
 */
$lp_ca_path = '/etc/ssl/certs';


/*
 * Session handling
 *
 * These functions should be replaced with your own session handling methods.
 *
 */

/* Initialize a PHP session. */
session_start();


/* Function to save a variable in the session of the current user.
 *
 * Parameters:
 *  $name           Name of the variable which should be saved in the session.
 *                  This variable will always be prefixed by 'LP_'.
 *  $value          The value which should be stored in the session. This will
 *                  be a string. Note that the string may be several thousand
 *                  bytes long.
 */
function lp_session_set($name, $value)
{
  /* This implementation only stores the values in the PHP session store. */
  $_SESSION[$name] = $value;
}


/* This function retrieves a value from the session store of the current user.
 *
 * Parameters:
 *  $name           Name of the value which should be retrieved.
 *
 * Returns:
 *  The value which was stored with the given name in the session, or NULL
 *  if no such variable exists.
 */
function lp_session_get($name)
{
  /* This implementation fetches a variable from the PHP session store. */

  /* This check could possibly be dropped. */
  if(!array_key_exists($name, $_SESSION)) {
    return NULL;
  }

  return $_SESSION[$name];
}


/* This function receives the login information of the user after a successful
 * login. The information is in an array of arrays. The attribute name gives
 * the index into the first array, and all values are stored in the array
 * referenced by that index.
 *
 * After calling this function, the login handler will redirect the user to the
 * url passed to lp_init_login.
 *
 * Example of attribute array:
 *  Array
 *  (
 *      [mail] => Array
 *          (
 *              [0] => email@example.com
 *          )
 *
 *      [eduPersonAffiliation] => Array
 *          (
 *              [0] => student
 *              [1] => member
 *          )
 *
 *  )
 *
 * Parameters:
 *  $attributes     The attributes of the user.
 */
function lp_on_login($attributes)
{
  /* This implementation only stored the data in the 'LP_ATTRS' session
   * variable. Note that this will store an array object, and not a string.
   *
   * Note that there is no requirement that the attributes are stored anywhere.
   * You can do exactly what you wish to with the attributes.
   */

  $_SESSION['LP_ATTRS'] = $attributes;
}


/* This function logs the user out. It is called whenever lp_init_logout is
 * called, and also any time the user initializes a global logout from any
 * other site. A service provider should be prepared to receive a logout
 * request at any time - even if the user isn't currently logged in.
 */
function lp_on_logout()
{
  /* This implementation of the function only destroys the current session. */
  session_destroy();
}




/* This function decodes attributes. It receives an attribute name and the
 * text in the AttributeValue element, and parses it into attribute values.
 *
 * Parameters:
 *  $name           The name of the attribute.
 *  $text           The text in the AttributeValue element.
 *
 * Returns:
 *  An array if this text decodes to multiple values, or any other value if it
 *  decodes to a single value.
 *
 *  If you want to return a single value which is  an array, you should enclose
 *  it in another array.
 *
 *  If you don't want to store this value, then you should return NULL.
 */
function lp_decode_attribute($name, $text)
{
  /* This is a FEIDE specific decoder. It assumes that multi-valued attributes
   * are passed as <base64 encoded value>_<base64 encoded value>_....
   */

  $ret = array();

  /* FEIDE specific - split and decode the attribute. */
  foreach(split('_', $text) as $value) {
    array_push($ret, base64_decode($value));
  }

  return $ret;
}

?>